Pavel Urban
pavel.urban@ct.cz
Mon Sep 19 06:24:28 UTC 2005
Hello,
I'm receiving user complaints about empty messages marked as spam by
dcc. Some people in our company routinely send messages with just
Subject: and 'empty' body. I've tried to add a rule for the most common
destination, but it obviously doesn't work. Is there a way to whitelist
this kind of traffic? Thanks!
from /var/dcc/whiteclnt:
ok env_to postmaster
env_to postmaster@iol.cz
env_to abuse@iol.cz
env_to tech@iol.cz
Here is one example of our 'bad' mail:
Received: from smtp-out3.iol.cz ([194.228.2.91]) by mail.imaginet.cz
with Microsoft SMTPSVC(6.0.3790.211);
Fri, 16 Sep 2005 16:25:16 +0200
Received: from ims1 (unknown [192.168.30.100])
by smtp-out3.iol.cz (Internet on Line ESMTP server) with ESMTP id
10C9431829D
for <ftechhelp@imaginet.cz>; Fri, 16 Sep 2005 16:25:17 +0200 (CEST)
Received: from antivir3.iol.cz ([192.168.30.206])
by ims-1.iol.cz (Internet on Line ESMTP Server)
with ESMTP id <0IMW005RZYQ494@ims-1.iol.cz> for ftechhelp@imaginet.cz
(ORCPT tech@iol.cz); Fri, 16 Sep 2005 16:25:16 +0200 (MEST)
Received: from localhost (antivir3.iol.cz [127.0.0.1])
by antivir3.iol.cz (Postfix) with ESMTP id E825A54003 for
<tech@iol.cz>; Fri,
16 Sep 2005 16:25:16 +0200 (CEST)
Received: from mta-in1 (unknown [192.168.30.12]) by antivir3.iol.cz
(Postfix)
with ESMTP id AD5E854002 for <tech@iol.cz>; Fri,
16 Sep 2005 16:25:16 +0200 (CEST)
Received: from dns1.ct.cz ([194.228.96.20])
by mta-in1.iol.cz (Internet on Line ESMTP Server)
with ESMTP id <0IMW00JGHYQ43K@mta-in1.iol.cz> for tech+antivir@iol.cz
(ORCPT tech@iol.cz); Fri, 16 Sep 2005 16:25:16 +0200 (MEST)
Received: from dns2.ct.cz (dns2.ct.cz [194.228.97.20])
by dns1.ct.cz (MTA-CT/ors-117) with ESMTP id j8GEPES03992 for
<tech@iol.cz>;
Fri, 16 Sep 2005 16:25:14 +0200
Received: from s638d0.user.ct.cz (s638d0.apl.ct.cz [172.26.198.96])
by dns2.ct.cz (MTA-CT/ors-117) with ESMTP id j8GEPEL18800 for
<tech@iol.cz>;
Fri, 16 Sep 2005 16:25:14 +0200
Date: Fri, 16 Sep 2005 16:25:12 +0200
From: =?iso-8859-2?Q?Michlovsk=FD_Zbyn=ECk?= <zbynek.michlovsky@ct.cz>
Subject: ***SPAM*** ID= 1213405 Nema postovni schranku a nemuze odesila
postu
To: tech@iol.cz
Message-id: <3294C67AFE7A7D4B9B3804F6C057B6BA95E9DA@S611D0.user.ct.cz>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-type: multipart/alternative;
boundary="Boundary_(ID_UcczzQXx69EceQhForuqmA)"
Content-class: urn:content-classes:message
Thread-topic: ID= 1213405 Nema postovni schranku a nemuze odesila postu
Thread-index: AcW6ynMMEQkeuwZeS4is30uA9sh7tw==
X-Original-To: tech@iol.cz
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-Virus-Scanned: amavisd-new at iol.cz
X-Spam-Status: Yes, hits=11.206 required=6.31 tests=[ALL_TRUSTED=-3.3,
AWL=0.670, BAYES_00=-2.599, DCC_CHECK=15, HTML_90_100=0.022,
HTML_MESSAGE=0.001, HTML_SHORT_LENGTH=0.389, MIME_HTML_MOSTLY=1.023]
X-Spam-Level: ***********
X-Spam-Flag: YES
X-Spam-Report: Spam detection software,
running on the system "antivir3.iol.cz",
has identified this incoming email as possible spam. The original
message has
been attached to this so you can view it (if it isn't spam) or label
similar
future email. If you have any questions,
see the administrator of that system for details. Content preview: [...]
Content analysis details: (11.2 points,
5.0 required) pts rule name description ----
----------------------
-------------------------------------------------- -3.3
ALL_TRUSTED Did not pass through any untrusted hosts 0.4
HTML_SHORT_LENGTH BODY: HTML is extremely short 1.0 MIME_HTML_MOSTLY
BODY: Multipart message mostly text/html MIME 0.0 HTML_MESSAGE
BODY: HTML included in message 0.0 HTML_90_100 BODY:
Message is 90%
to 100% HTML -2.6 BAYES_00 BODY: Bayesian spam
probability is 0
to 1% [score: 0.0000] 15 DCC_CHECK
Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 0.7 AWL
AWL: From: address is in the auto white-list
X-OriginalArrivalTime: 16 Sep 2005 14:25:14.0488 (UTC)
FILETIME=[74283780:01C5BACA]
Return-Path: zbynek.michlovsky@ct.cz
--Boundary_(ID_Ajzjx47ndAoM2iOIoklt+A)
Content-type: text/plain; charset=iso-8859-2
Content-transfer-encoding: 7BIT
--Boundary_(ID_Ajzjx47ndAoM2iOIoklt+A)
Content-type: text/html; charset=iso-8859-2
Content-transfer-encoding: 7BIT
--Boundary_(ID_Ajzjx47ndAoM2iOIoklt+A)--
--
***********************************************************************
Pavel Urban (pavel.urban@ct.cz)
IOL system disaster
Internet OnLine, www.iol.cz (owned by Czech Telecom, www.ct.cz)
***********************************************************************
Vegetables should not operate electronic equipment.
Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
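
Added example, not part of the original post: a short Python check that parses the X-Spam-Status header quoted above and reports which single rule, if removed, would bring the message back under the spam threshold. The function names parse_status and decisive_rules are hypothetical; the sample value is copied from the quoted header with the folding removed.

```python
import re
from decimal import Decimal

# X-Spam-Status value copied from the message quoted in the post (unfolded).
SAMPLE = ("Yes, hits=11.206 required=6.31 tests=[ALL_TRUSTED=-3.3, "
          "AWL=0.670, BAYES_00=-2.599, DCC_CHECK=15, HTML_90_100=0.022, "
          "HTML_MESSAGE=0.001, HTML_SHORT_LENGTH=0.389, MIME_HTML_MOSTLY=1.023]")


def parse_status(value):
    """Return (hits, required, {rule: score}) from an X-Spam-Status value."""
    value = " ".join(value.split())  # undo header folding
    hits = Decimal(re.search(r"hits=(-?[\d.]+)", value).group(1))
    required = Decimal(re.search(r"required=(-?[\d.]+)", value).group(1))
    body = re.search(r"tests=\[(.*?)\]", value).group(1)
    tests = {}
    for item in body.split(","):
        if not item.strip():
            continue  # tolerate an empty tests=[] list
        name, _, score = item.strip().partition("=")
        tests[name] = Decimal(score)
    return hits, required, tests


def decisive_rules(value):
    """Map each rule whose removal alone drops the score below the
    threshold to the score the message would have without it."""
    hits, required, tests = parse_status(value)
    if sum(tests.values()) != hits:
        raise ValueError("per-rule scores do not add up to hits=")
    if hits < required:
        return {}  # not flagged, nothing to explain
    return {name: hits - score
            for name, score in tests.items()
            if hits - score < required}


if __name__ == "__main__":
    for rule, without in decisive_rules(SAMPLE).items():
        print(f"{rule}: score without this rule would be {without}")
```
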